rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,359 Commits 4 Branches 28 Tags 5.4 MiB
Commit Graph

149 Commits

Author SHA1 Message Date
Omar Polo 91971201e5 break out if check_reply fails 
it's not a problem when we have only one check_reply at then end,
since $? is kept across function boundaries, but when we have multiple
checks we need to quit on the first error.
 2022-03-26 10:56:06 +00:00
Omar Polo e5d82d9472 const-ify some tables 
matches found with

	% grep -R '=[	 ]*{' . | fgrep -v const
 2022-03-19 11:02:42 +00:00
Omar Polo 12fcba2f80 use shell built-in `command' instead of which(1) 
it's specified by POSIX AFAIK and requires less redirections.
 2022-02-27 16:24:45 +00:00
Omar Polo fb1212266f add tests for the type block 2022-02-26 14:02:45 +00:00
Anna “CyberTailor” c1a72dab7a typo 2022-02-03 11:13:43 +01:00
Anna “CyberTailor” 1ca7a0f3bf don't skip unit tests when SKIP_RUNTIME_TESTS is set 
IRI and Punycode tests don't run gmid binary and can be safely executed.
 2022-02-03 11:13:41 +01:00
Omar Polo 5266f50060 posixify lib.sh: use = instead of == for test(1) 2022-01-30 13:31:29 +00:00
Omar Polo 964686ce0b remove unused function 2022-01-27 10:57:45 +00:00
Omar Polo 901905e0cf bail out of client_read if we've already decide what to do 
libevent2 can still somehowe call client_read even in code paths
that never enable reading from the evbuffer.  Can't reproduce on
the libevent in base on OpenBSD.  It's a bit ugly, but it's a small
workaround for something that otherwise *always* make gmid crash
when linked against libevent2.  (client_read works under the
assumption that c->host != NULL, matched_proxy crashes otherwise.)
 2022-01-05 18:58:01 +00:00
Omar Polo 92a9f41d3d add set_proxy to simplify testing + more checks in test_proxy_with_certs 2022-01-03 13:31:34 +00:00
Omar Polo 7b7def0a8f set prefork to 1 during regress 2022-01-03 13:31:34 +00:00
Omar Polo dd208aa2cf don't print `config OK' 2022-01-03 13:31:34 +00:00
Omar Polo e19f21f5a6 parethesize `proxy', I'm about to change the syntax 2022-01-02 13:48:32 +00:00
Omar Polo c064f3de1d add proxying with client certificate test 2022-01-01 16:33:44 +00:00
Omar Polo e6ab6b25fc typo 2022-01-01 16:33:44 +00:00
Omar Polo 4b5b1e82a9 add a test for the `proxy relay-to' rule 2021-12-29 20:36:54 +00:00
Omar Polo a62c63f261 retire the old gg 2021-12-29 18:18:41 +00:00
Omar Polo 7a4ae106ec switch to the new gg for the regress suite 2021-12-29 18:16:00 +00:00
Omar Polo ce09569f7b typo 2021-12-29 18:13:55 +00:00
Omar Polo ae0d3cdbbe typo 
forgot to rename variable in lib.sh: dont_check ->
dont_check_server_alive.
 2021-12-09 19:13:30 +00:00
Omar Polo e5285d5422 rename `runtime' to `regress' 
while there also kill an unused rule `regress', it's now redundant since
all the tests are run together.
 2021-12-09 20:06:38 +01:00
Omar Polo a721c233ee rename variable 2021-12-09 19:03:18 +00:00
Omar Polo 5741561d57 run all kinds of tests via tests.sh/runtime 
while there also change the dependency in the makefile: iri_test should
be alone, not as deps of `data'.
 2021-12-09 19:02:09 +00:00
Omar Polo ea47a245aa add ocs stapling checking for gg 2021-12-09 18:51:02 +00:00
Omar Polo 3096da4ef4 allow to run only a subset of the runtime tests 
with
	make TESTS='test_1 test_2 ...' regress

now it's possible to run only that specified subset of tests.  It's
really useful during debugging :)
 2021-10-07 08:55:44 +00:00
Omar Polo 6e0f14d51e re-add sha script; it's used in the Makefile 
While there, use it in the tests too
 2021-10-04 09:40:05 +00:00
Omar Polo 260becda9c reduced the timeout time for single checks 2021-10-04 09:34:39 +00:00
Omar Polo 4a2a525d7c allow running only specific tests 
It's now possible to run only a subset of the tests with:

	./runtime test1 test2 ...
 2021-10-04 09:30:18 +00:00
Omar Polo 99c91b4a51 remove unused script 2021-10-04 09:07:42 +00:00
Omar Polo 176179b2a9 rework the regression suite 
The tests are still there, the suite is equivalent to the old one, but
this one is better structured.

The biggest annoyance I had with the old one was that it wasn't
straightforward to test only a specific set of tests.  It's still
impossible, but it's way easier to do it now.

This extract all the tests to their own functions.  It's overall
better in all possible regards.
 2021-10-04 09:04:33 +00:00
Omar Polo c28994868e update clean target 2021-10-02 19:35:30 +00:00
Omar Polo 827cc37cff update tests 
* we don't add a space before the lang anymore
* we're more strict in CGI handling: the `invalid' CGI script now
  triggers a 42 CGI ERROR
 2021-10-02 17:20:56 +00:00
Omar Polo 3571854e94 fix possible out-of-bound access 
While computing the parent directory it an out-of-bound access can
occur, which usually means the server process dies.

In particular, it can be triggered by making a request for a
non-existent file in the root of a virtual host if the path matches
the `cgi` pattern.

Thanks cage for helping in debugging!
 2021-09-24 10:48:51 +00:00
Omar Polo 3e0164f4c3 use certs from regress/ 2021-07-19 11:37:01 +00:00
Omar Polo 735336b21e unbreak configless mode 
An un-initialized field in the configless code path leads to a crash
on the first request.
 2021-07-19 11:15:44 +00:00
Omar Polo a82d4dfa25 provide a fallback value for SKIP_RUNTIME_TESTS 
some [ implementation will warn about "bad number"
 2021-07-10 09:09:26 +00:00
Omar Polo d19951cf03 rename `mime MIME EXT' to `map MIME to-ext EXT' 
With the newish automatic string concatenation, options like `mime'
that accepts two strings as parameter start to become ambiguous: which
strings gets concatenated?  Instead of trying to document in the
manpage which argument(s) is subject to string concatenation, do the
concat always and introduce a separator.  In the case of mime,
`to-ext' now acts as a separator to distinguish.  While there, also
use a new keyword because it sounds better.

It's dead-easy to upgrade to the new configuration, possibly with some
sed magic, but for the moment the old `mime' form is preserved: (with
a warning!)  Will be dropped in the next release.
 2021-07-09 08:30:55 +02:00
Omar Polo bffa7daab8 provide a means to skip the runtime tests 
Setting the environment variable SKIP_RUNTIME_TESTS to 1 will prevent
the runtime tests.  This is useful when running the tests inside a
sandbox.

based on a similar diff by Anna "CyberTailor"
 2021-07-08 17:13:17 +02:00
Anna “CyberTailor” 9797799ad4 regress/Makefile: add missing LDFLAGS 2021-07-08 16:55:08 +02:00
Omar Polo 321341f6c0 add -T timeout to gg; don't let the regress test hang 2021-07-06 13:09:24 +00:00
Omar Polo ca3f67564c don't log too much by default 2021-07-06 11:53:24 +00:00
Omar Polo fb4102a5ff test macro expansion too 2021-07-06 11:52:28 +00:00
Omar Polo 7322a054f5 use -subj /CN=name when generating the keys for the tests 
`printf | openssl` is ugly :/
 2021-07-03 08:13:42 +00:00
Omar Polo 89c110fe7b be quieter 
nobody really cares if must_read fails, as it normally shouldn't.  It
only clutters the regression tests with scary messages that looks like
failure but are, in fact, expected.
 2021-06-15 08:07:44 +00:00
Omar Polo 0f2124e291 add some simple test for fastcgi 
and while there reorder the targets in the Makefile a bit
 2021-06-12 13:47:01 +00:00
Omar Polo 03fcfb79d6 add simple fcgi application for test purposes 2021-06-12 13:46:05 +00:00
Omar Polo f48e3b85a9 move gg to regress 2021-05-24 13:48:55 +00:00
Omar Polo 7aa9258633 make more explicit the per-location roots test 2021-04-30 19:08:27 +00:00
Omar Polo 737a6b50c5 ensure %p (path) is always absolute 
with the recent changes, sometimes the path may not start with a '/'.
This ensures that %s is ALWAYS an absolute path.
 2021-04-30 19:07:37 +00:00
Omar Polo fdea6aa0bc allow ``root'' rule to be specified per-location block 2021-04-30 17:16:34 +00:00
Omar Polo 9d092b607a fix IRI-parsing bug 
Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.

This is """just""" an DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.
 2021-04-12 20:11:47 +00:00
Omar Polo c836cdfadb handle CGI scripts that replies with the maximum header length allowed 
the 1024 bytes limits is for the META only, not for the whole
response.  That means that the maximum size for the header line is
1029!
 2021-03-29 09:42:06 +00:00
Omar Polo 052c9d2403 kill only $pid during regress testing 
before we did `pkill gmid', but that would influence also other
instances of gmid!
 2021-03-20 08:51:58 +00:00
Omar Polo 62e001b067 move all sandbox-related code to sandbox.c 
while there, add capsicum for the logger process
 2021-03-20 08:42:08 +00:00
Omar Polo bc99d868bc refactoring: imsg everywhere 
use imsg to handle ALL kinds of IPC in gmid.  This simplifies and shorten the
code, and  makes everything more uniform too.
 2021-03-19 19:21:29 +00:00
Omar Polo 17458f11e1
sync global variables 2021-02-23 13:44:20 +01:00
Omar Polo a4188b7865 echo parsing test result 2021-02-12 11:27:52 +00:00
Omar Polo e1b4612359 dup line 2021-02-12 08:49:31 +00:00
Omar Polo 4ad0601d18 link to compat/ even in regress 
this unlocks the full regress tests on arch, for instance, or every
OS where we don't have strl*
 2021-02-10 22:06:16 +00:00
Omar Polo 49b73ba1ab fix "first location" bug 
reported by devel at datenbrei dot de.  The first location would
overwrite the default value for a server, triggering the "`foo' rule
specified more than once" error.  This also needed a small tweak on
how we match locations to avoid breaking other tests.
 2021-02-10 16:37:08 +00:00
Omar Polo 2898780aea fix ca generation 2021-02-10 15:09:08 +00:00
Omar Polo d3f073c9ed don't delete valid.ext 2021-02-09 22:40:04 +00:00
Omar Polo 02be96c6dd add `require client ca' rule to require certs signed by a CA 2021-02-09 22:30:04 +00:00
Omar Polo 2ff026b09b add conf for a ca 2021-02-09 22:12:19 +00:00
Omar Polo 319b7fa909 define conf in the test program, not in puny.c 2021-02-08 12:43:36 +00:00
Omar Polo b63e30ff44 define TLS_CLIENT_NOT_BEFORE/NOT_AFTER in CGI scripts 2021-02-07 21:47:01 +00:00
Omar Polo 9f006a2127 [cgi] split the query in words if needed and add them to the argv 2021-02-07 18:55:04 +00:00
Omar Polo 3abf91b0b4 improve logs management 2021-02-07 15:30:28 +00:00
Omar Polo 2564eddee4 add set -e to env script 
It avoids some long sequences of "echo: IO error" when the client
close the connection before EOF.
 2021-02-07 11:32:53 +00:00
Omar Polo 3704b36bda add script for the regress suite 2021-02-06 18:29:36 +00:00
Omar Polo e3ddf39095 add the ``entrypoint'' option 2021-02-06 18:28:43 +00:00
Omar Polo afc025ff60 restart the daemon instead of kill+start 
this way we can also test the reload capability!
 2021-02-06 17:35:48 +00:00
Omar Polo 6abda252e9 added ``block return'' and ``strip'' options 2021-02-06 17:22:37 +00:00
Omar Polo 4125c94fda make sure @ is allowed, and rephrase another test 2021-02-06 13:57:12 +00:00
Omar Polo 8404ec301f don't %-decode the query 2021-02-05 14:31:53 +00:00
Omar Polo 87f2b68b58 cgi now follows globbing rules 2021-02-02 22:38:35 +00:00
Omar Polo 5f715ce43f print the header in the directory listing 2021-02-02 09:48:32 +00:00
Omar Polo 35744950aa simplify handle_cgi 
Now that I got rid of the enum+switch, adding more state is easier.
Before, we used an hack to remember if we had read the CGI reply or
not (c->code = -1).

This introduces a new state, handle_cgi_reply that reads the CGI
script reply, logs it, and only then switches to handle_cgi.
handle_cgi itself is cleaner, now it only reads into c->sbuf and send
what it had red.

We even get, almost for free, the 42 error.  If read exists with -1 or
0 from in handle_cgi_reply, we return a proper error to the client.
We can extend this further in the future and also try to validate the
CGI reply (for now we're only looking for a \n).
 2021-02-01 22:04:51 +00:00
Omar Polo 1e7591a922 parse_err is a const pointer 2021-02-01 19:58:04 +00:00
Omar Polo 6ff23c6739 use absolute paths in the regression suite 2021-02-01 11:04:21 +00:00
Omar Polo e7c7f19c4e more IRI tests 
ensure non-encoded and pct-encoded hostnames are parsed correctly
 2021-01-29 18:52:36 +00:00
Omar Polo cef60084e6 fix puny-test build 2021-01-29 18:51:35 +00:00
Omar Polo 44ee1bac8b use starts_with in puny.c 2021-01-27 15:35:09 +00:00
Omar Polo 46af8c6cfe drop the daemon config in favour of the -f flag 
Now it daemonize by default when running with a config, unless the -f
flag is given.
 2021-01-27 12:04:37 +00:00
Omar Polo 7957cbd9aa const-ify puny_decode (and add puny.c) 2021-01-27 11:21:23 +00:00
Omar Polo 3300cbe06a initial punycode support 2021-01-27 10:47:49 +00:00
Omar Polo 252908e6bb added support for location blocks 2021-01-24 18:53:26 +00:00
Omar Polo c8b7433918 added support for location blocks 2021-01-24 14:11:40 +00:00
Omar Polo 7b31a6386d test CGI with big files 2021-01-24 10:24:34 +00:00
Omar Polo e7a2a99b5a added index option 2021-01-24 09:14:01 +00:00
Omar Polo 6cdecad88d fix test portability 
wc return 2048 on fedora (it doesn't count the trailing \n), while on
OpenBSD, Void linux on aarch64 and Alpine linux on vmd(8) returns
2049.
 2021-01-23 17:44:23 +00:00
Omar Polo 2349b02b26 bump the key size a little 
on fedora with libretls (running on top of openssl) it won't open the
key otherwise.
 2021-01-23 17:42:04 +00:00
Omar Polo ce06cdc5bd drop gg.py 2021-01-23 17:11:16 +00:00
Omar Polo 31a4993a94 use gg instead of gg.py for the regression suite 2021-01-23 17:10:00 +00:00
Omar Polo 3309ef975c accumulate the whole response line for CGI scripts 2021-01-23 15:32:38 +00:00
Omar Polo c421bd46ed drop genbigfile 2021-01-22 17:24:33 +00:00
Omar Polo 609fc9f9d9 use a c program to fill the file 
it's several order of magnitude faster than the equivalent shell script
 2021-01-22 17:18:55 +00:00
Omar Polo 99f95f7762 fix for sha256sum 2021-01-22 17:14:40 +00:00
Omar Polo 5c2e310ede brand new regress suite 2021-01-22 16:48:04 +00:00